Troubleshooting

Service does not work

I have configured ESET LiveGuard Advanced, but it is still not working

How to get logs?

I do not see some submitted files in ESET PROTECT Web Console

Behavioral flags do not seem to be correct

How can I exclude a detected file from being moved to the Quarantine?

What if the license expires?

What if the Status field in the Submitted files window is empty?

ESMC is not downloading the ESET LiveGuard Advanced data

What if I am getting "Sent to LiveGrid" status for files submitted to ESET LiveGuard Advanced

The product refuses my ESET LiveGuard Advanced license

I am getting one of following error messages under Computer Details > Alerts

Files sent to ESET LiveGuard Advanced do not display in Webconsole

I am getting the following error: Your license does not include a file behavior report

I have a suspicious sample, what should I do?

Activation of ESET LiveGuard Advanced fails


Service does not work

Verify ESET LiveGuard Advanced is activated and configured.

Also verify the following items:

Is the ESET LiveGuard Advanced license used?

Is the ESET LiveGuard Advanced Policy applied?

 

I have configured ESET LiveGuard Advanced, but it is still not working

Verify there is a working network connection between the ESET Management Agent and the ESMC Server.

View connectivity issues between the remote management server and ESET LiveGuard Advanced directly in the Web Console in Dashboards > Security Management Center Server > Security Management Center network peers with problems.

You can also check the HTTP Proxy settings in ESET PROTECT Server Settings.

 

Collect the log files

You can review log files section in the ESET PROTECT Online Help guide.

 

I do not see some submitted files in the Web Console

This is typical behavior if you are using a roaming endpoint.

 

Behavioral flags do not seem to be correct

If the reported behavioral flag does not seem to be correct you can:

Report it to ESET support or send the sample to samples@eset.com. See our article about submitting samples.

Visit the ESET Security Forum and consult the ESET community for information about issues you may encounter.

 

How can I exclude a detected file from being moved to the Quarantine?

If you are sure that the detected file is safe, you can whitelist it.

 

What if the license expires?

When the ESET LiveGuard Advanced license expires, you are still able to submit suspicious files for malware analysis. However, you will not receive the file analysis results or the file behavior report.

 

What if the Status field in the Submitted files window is empty?


note

Are you a user of ESET PROTECT Cloud?

This troubleshooting method is for users of on-premises remote management consoles, ESET Security Management Center and ESET PROTECT.

1.Check the Dashboard (in your remote management console) as described here: I have configured the ESET LiveGuard Advanced, but it is still not working

2.Click Reports > Security Management Center management > Audit log > Download > PDF. You can attach this log when requesting support from ESET Technical Support or inspect it for yourself.

 

If there are ESET LiveGuard Advanced related errors or problems, get the trace logs and contact ESET Technical Support (see the steps below). Otherwise, you can restart the results retrieval process at the remote management server.

 

How to get the trace log:

1.To enable trace verbosity logging in the Web Console, click More… > Server Settings > Advanced Settings > Logging > Trace log verbosity > Trace.

2.Restart the ESET PROTECT / ESMC service or the machine and wait 15 - 20 minutes.

3.Logs are located on the ESET PROTECT / ESMC Server machine:

i.Windows: C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs

ii.Linux: /var/log/eset/RemoteAdministrator/Server/

protect_trace

arrow_down_business I am using ESMC

 

How to restart the download of the ESET LiveGuard Advanced results

Restart the data retrieval process on the ESET PROTECT (or ESMC) Server. A restart can help when the Server is not downloading new data from the ESET cloud or the download is too slow.

1.Turn off the ESET PROTECT (or ESMC) Server service.

2.Log in to the ESET PROTECT (or ESMC) database using SQL Server Management Studio or the MySQL client on Linux systems.

3.Modify the table tbl_key_value_pairs in the ESET PROTECT (or ESMC) database:
 
When using SSMS, open the table and remove the line containing string eset-dynamic-threat-detection-customers
 
When using MySQL, open the database and execute the command delete from tbl_key_value_pairs where pair_key = 'eset-dynamic-threat-detection-customers';
 
When using ESET PROTECT (or ESMC) Virtual Appliance:

a)Log in to the Terminal on the virtual machine where the appliance is running.

b)Log in to the database: mysql -u root -p era_db

c)Enter the password. It is usually the same as your Web Console Administrator's password.

d)Run the following command:
delete from tbl_key_value_pairs where pair_key = 'eset-dynamic-threat-detection-customers';
 

4.Turn on the ESET PROTECT (or ESMC) Server and do not restart or switch it off for 24 hours.

 

What if I am getting "Sent to LiveGrid" status for files submitted to ESET LiveGuard Advanced

Possible causes:

The file or spam email you submitted was already detected.

The ESET LiveGuard Advanced license was not imported using EBA but was directly imported to the security product or the remote management console.

 

To enable sending files to ESET LiveGuard Advanced:
 

1.Remove the license from your License Management.
 

troubleshooting_2

 

2.Import your license to EBA.

3.Synchronize your EBA with your remote management Server (ESMC or ESET PROTECT).

4.Certain modules need to be reloaded on client machines. There are two options to reload modules:

Wait for a few hours until modules are reloaded.

For immediate reload you can "restart" ESET LiveGuard Advanced on clients. To restart, send a deactivation policy for ESET LiveGuard Advanced, and when the policy is applied, send another one for activation.

 

The product refuses my ESET LiveGuard Advanced license

After entering your ESET LiveGuard Advanced license key in the Web Console, you received the following error message:

    Failed to add license by license key: License is issued for a product that can not be managed with ESET Security Management Center. Please enter a different license.

or

  Failed to add license by license key: License is issued for a product that can not be managed with ESET PROTECT. Please enter a different license.

After entering your ESET LiveGuard Advanced license key directly in the security product, you received the following error message:
Activation failed. License and product do not match.
 

The license must be entered only via EBA. Read more about importing the license.

I am getting one of following error messages under Computer Details > Alerts

Problem

Problem detail

Cause and solution

ESET LiveGuard Advanced is not accessible

ESET LiveGuard Advanced is not working. Connection to authentication servers failed.

The ESET license servers are not accessible.

Firewall (another setting) is blocking the communication.

The service is temporarily unavailable.

Check your firewall settings.

ESET LiveGuard Advanced is not accessible

ESET LiveGuard Advanced license has expired.

Your ESET LiveGuard Advanced license was functional and is now expired. Re-new the license or disable the ESET LiveGuard Advanced setting in the policy.

ESET LiveGuard Advanced is not activated or the license is invalid.

ESET LiveGuard Advanced is not activated or the license is invalid.

You have enabled ESET LiveGuard Advanced on the target computer, but the machine is not activated with a proper license. Disable the ESET LiveGuard Advanced setting in the policy or activate the machine with an ESET LiveGuard Advanced license.

ESET LiveGuard Advanced is not accessible

The ESET LiveGuard Advanced servers cannot be reached. This could be due to an outage or a problem with the network connection.

Your machine cannot reach ESET LiveGuard Advanced servers. This is usually caused by a proxy service failure. Try to restart the Apache HTTP Proxy service. If the problem persists, the proxy could be overloaded. You can:

Divide the load from agents to more proxies

Upgrade hardware on the proxy machine

Use the Apache HTTP Proxy 64-bit build (if are using the 32-bit, and your system is x64 architecture)

Temporarily stop using the proxy to confirm that it is causing the issue

Web Console is not showing any results

Analysis results are not delivered to the ESMC Server.

The HTTP Proxy could be overloaded. Try moving the HTTP Proxy to a different server or/and adding more resources. When you move the HTTP Proxy to a new address, you need to update the endpoints' policy too.

ESET LiveGuard Advanced is not accessible

ESET LiveGuard Advanced offline license error.

ESET LiveGuard Advanced does not support offline license activation. Check your license.

ESET LiveGuard Advanced is not accessible

ESET LiveGuard Advanced is not working. Unknown authentication error.

ESET authentications servers are not reachable from the client machine. Verify you can reach edf.eset.com.


note

Note

ERA 6.x does not support ESET LiveGuard Advanced. The Web Console only displays the Problem column, not the Problem detail column. If you keep getting one of ESET LiveGuard Advanced errors in ERA 6.x, you have probably enabled ESET LiveGuard Advanced in a policy.

Files sent to ESET LiveGuard Advanced do not display in the Web Console

If your OS—usually an older Windows Server—does not trust the ts.eset.com certificate, files are not sent to the ESET LiveGuard Advanced servers. To fix this trust issue, import DigiCert Global Root G2 and Thawte TLS RSA CA G1 root certificates to your operating system.

The Web Console can display submitted files only when the client Management Agent is connecting (replicating) to the ESMC Server. Files submitted from roaming endpoints are displayed after the Agent connects the Server again.


important

When using ESET LiveGuard Advanced in an enterprise-level environment (hundreds of machines or more), we recommend deploying HTTP Proxy on a dedicated server. Running the HTTP Proxy service on a heavily utilized server (e.g., besides the ESMC Server or database) may result in ESET LiveGuard Advanced connection problems.

You can exclude selected folders and processes to decrease the number of submitted files and improve the overall performance.

I am getting the following error: Your license does not include a file behavior report

If your are using EBA to manage your licenses and your total seat count for ESET LiveGuard Advanced licenses is below 100, you are not eligible for full Behavioral report. Some versions of management console does not provide the behavior report at all. You need to raise your seat count to 100 or more to get the report.

I have a suspicious sample, what should I do?

See the Recommendations for users with a suspicious sample.

Activation of ESET LiveGuard Advanced fails

If you have added a license via License Key and then converted to a cloud bundle, you will see ESET LiveGuard Advanced license in the Console, but the activation would fail. You need to remove the bundle from license management and add it via EBA.